Re: [Openvpn-users] how to add route to openvpn internal routing table


  • Subject: Re: [Openvpn-users] how to add route to openvpn internal routing table
  • From: /dev/rob0 <rob0@xxxxxxxxx>
  • Date: Wed, 5 Oct 2005 01:00:31 -0500

On Tuesday 2005-October-04 09:02, Konrad Karl wrote:
> ---- 192.168.1.1/24 --- eth0 ----
>
>                     | Machine A  |
>                     |
>                     | tun0       |
>                     | 10.100.0.4 |
>
> 		    -------------
>                     -------------
>
>                     | Machine M  |
>
>                     -------------
>                     -------------
>
>                     | 10.100.0.8 |
>                     | tun        |
>                     | Machine B  |                           
>                     | -------------------------
>
> 		     ----eth0 ----192.168.2.1/24--- ROUTER -- |172.16.1.1/16
> Machine D| -------------------------
>
> Machines A and B are behind some NATting firewalls, Machine M has got
> an official IP address and is only being used to establish
> connectivity between A and B. (this connectivity is working OK)

Then it looks like openvpn is not a factor here.

> Machine A wants to access machine D via NAT/MASQUERADE on machine B.

Why NAT?

> B's default route is pointing to the left side of "ROUTER" and B can
> connect to machine D.

So B goes through ROUTER to establish the tunnel to M?

> A has got a route table entry to route dest 172.16.x.y via dev tun0,
> but now on M the packets should get forwarded to machine B.
>
> Question:
>
> How to add an entry to the internal routing table of the openvpn2
> instance running on M

Why the internal openvpn routing table? Why is M involved? Can't you 
just use a route like this on A:
ip route add 172.16.0.0/12 via 10.100.0.8

> so packets with destination 172.16.x.y are 
> getting routed via machine B and then NAT'ed via "ROUTER" to machine
> D ?

You can reach D but also want to reach other machines on that subnet?  
If so this is a FAQ, or perhaps it should be. Routing has to be set up 
on both ends. Machines on D's subnet have to know to use D as their 
gateway to reach A.

> (on M client-to-client is enabled)

Client-to-client is a --mode server feature. I am confused. A and B are 
each clients of server M and not directly tunnelled? Probably doesn't 
matter, unless D is also a client of M's server.

> I have already tried to add a static route on M like this:
> route add -net 172.16.0.0/16 gw 10.100.0.8 but this did not work - B
> was not connected while I tried though.  (SIOCADDRT: Network is
> unreachable)

Does M have a route to 10.100.0.8? Apparently not.

> Thanks for any help,

I really don't understand what you are trying to do here.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header
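
Added example, not part of the original message or of OpenVPN: a toy Python model of the check behind the "SIOCADDRT: Network is unreachable" error quoted above. Linux accepts a route through a gateway only if that gateway is itself covered by an on-link (directly connected) route. The 10.100.0.0/24 tunnel subnet and the 203.0.113.x addresses on M are assumptions, and the class and function names are hypothetical.

```python
import ipaddress

class RouteTable:
    """Toy model of the Linux check made when a gatewayed route is added."""

    def __init__(self):
        self.routes = []  # (network, gateway or None for on-link, device)

    def add_onlink(self, cidr, dev):
        """Connected route, as created when an interface gets an address."""
        self.routes.append((ipaddress.ip_network(cidr), None, dev))

    def add_via(self, cidr, gateway):
        """Route through a gateway; the gateway must be directly reachable."""
        gw = ipaddress.ip_address(gateway)
        dev = self._onlink_dev(gw)
        if dev is None:
            # What route(8) reports as "SIOCADDRT: Network is unreachable"
            raise OSError("Network is unreachable")
        self.routes.append((ipaddress.ip_network(cidr), gw, dev))
        return dev

    def _onlink_dev(self, addr):
        """Longest-prefix match over on-link routes only."""
        best = None
        for net, gw, dev in self.routes:
            if gw is None and addr in net:
                if best is None or net.prefixlen > best[0].prefixlen:
                    best = (net, dev)
        return best[1] if best else None

def try_add(table, cidr, gateway):
    try:
        return "ok via " + table.add_via(cidr, gateway)
    except OSError as exc:
        return str(exc)

def demo():
    m = RouteTable()
    m.add_onlink("203.0.113.0/24", "eth0")   # constructed public subnet for M
    m.add_via("0.0.0.0/0", "203.0.113.1")    # constructed default gateway
    # No on-link route covers 10.100.0.8 yet; the default route does not count.
    before = try_add(m, "172.16.0.0/16", "10.100.0.8")
    m.add_onlink("10.100.0.0/24", "tun0")    # assumed tunnel subnet on M
    after = try_add(m, "172.16.0.0/16", "10.100.0.8")
    return before, after

if __name__ == "__main__":
    print(demo())
```

The first attempt fails even though M has a default route, because a gateway reachable only through another gateway is rejected.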
